Andrzej Kurek
f40daa3f05
Add version & ciphersuite tests to ssl handshake
...
Add tests exercising various protocol versions and ciphersuites
in the mocked ssl handshake.
2020-02-04 09:00:01 -05:00
Andrzej Kurek
b29807413e
Refactor certificates and keys in ssl handshake mock tests
...
Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one
for the client. Use only DER encoding.
2020-02-02 19:25:26 -05:00
Piotr Nowicki
2a1f178d7c
Add test for prescribed states of handshake with the custom IO callbacks
2020-01-31 10:06:04 +01:00
Manuel Pégourié-Gonnard
ead19fecf9
Merge pull request #2975 from mpg/add-zlib-tests-dev
...
Add zlib tests and fix runtime bug
2020-01-31 09:22:24 +01:00
Janos Follath
b719d4bede
Merge pull request #2963 from jiblime/zlib-fix into development
2020-01-30 16:15:16 +00:00
Jaeden Amero
79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
...
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard
d020bfc396
Merge pull request #2949 from zfields/patch-1
...
[cmake] Propagate public headers
2020-01-30 09:53:16 +01:00
Janos Follath
ba1150f822
Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development
2020-01-29 14:51:24 +00:00
Jaeden Amero
c0c92fea3d
Merge pull request #3008 from jp-bennett/development
...
Allow loading symlinked certificates
2020-01-28 15:55:33 +00:00
Jaeden Amero
bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test
...
Changes in custom IO callbacks used in unit tests
2020-01-28 14:46:13 +00:00
Piotr Nowicki
d796e19d3b
Fix memory allocation fail in TCP mock socket
...
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Janos Follath
4c987e2c83
Merge pull request #2993 from yanesca/bump-version-2.20.0
...
Bump version to Mbed TLS 2.20.0
2020-01-28 11:31:57 +00:00
Manuel Pégourié-Gonnard
042c5e4217
Merge pull request #3000 from gilles-peskine-arm/changelog-2.20.0
...
Add changelog entries for the crypto changes in 2.20.0
2020-01-28 09:38:30 +01:00
Zachary J. Fields
96134effea
Update ChangeLog
2020-01-27 16:12:02 -06:00
Janos Follath
4c736fb6a8
Update Mbed Crypto SO version
...
The recent update changed the Mbed Crypto SO version, get Mbed TLS in
sync.
2020-01-27 16:37:14 +00:00
Janos Follath
ceceedb532
Update Mbed Crypto to 3.0.1
2020-01-27 16:23:55 +00:00
Gilles Peskine
e3b285d2c8
Add crypto security fixes merged after mbedcrypto-3.0.0
2020-01-27 14:24:19 +01:00
Jaeden Amero
62236d7651
Add ChangeLog entry
...
Add a ChangeLog entry for Jonathan Bennett's contribution which allows
loading symlinked certificates.
2020-01-24 18:20:56 +00:00
Jonathan Bennett
fdc16f36b4
Allow loading symlinked certificates
...
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005.
This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
2020-01-24 09:12:03 -06:00
Manuel Pégourié-Gonnard
f2e2902c5a
Add detection for zlib headers to all.sh
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard
c40b685837
Fix bug in record decompression
...
ssl_decompress_buf() was operating on data from the ssl context, but called at
a point where this data is actually in the rec structure. Call it later so
that the data is back to the ssl structure.
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard
342d2ca9ab
Add test for record compression in ssl-opt.sh
...
Deprecated but still needs to be tested.
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard
95e04490fa
Add all.sh components with ZLIB enabled
...
ZLIB support is deprecated, but until it's removed it should still be tested.
2020-01-24 10:44:13 +01:00
Gilles Peskine
80fcacebdb
Add changelog entry for the zlib support fix
2020-01-24 09:35:01 +01:00
jiblime
9f25b8deff
Fixes definition error when the deprecated MBEDTLS_ZLIB_SUPPORT and ENABLE_ZLIB_SUPPORT macros are defined/enabled for zlib support in mbedtls
...
100% tests passed, 0 tests failed out of 85
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1842
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.19.1/library/ssl_tls.c#L1862
2020-01-24 09:34:06 +01:00
Gilles Peskine
50f577067c
Fix GitHub repository indications for crypto changes in 2.20
...
The content was originally written for mbed-crypto. Change pull
request references to be relative to mbedtls instead.
2020-01-22 19:02:59 +01:00
Gilles Peskine
8c7d2c25a4
Remove markdown artifacts
2020-01-22 19:02:09 +01:00
Gilles Peskine
4073d4e529
Add changelog entry for the unchecked mbedtls_md call
2020-01-22 18:58:20 +01:00
Gilles Peskine
6a4c340c36
Add changelog entries for the crypto changes in 2.20.0
...
Describe changes between mbedcrypto-2.0.0 (version in Mbed TLS 2.19.0)
and mbedcrypto-3.0.0 (version in Mbed TLS 2.20.0).
2020-01-22 18:28:24 +01:00
Piotr Nowicki
890b5ca330
Change non-blocking read/write in TCP mock socket
...
Previously, the mocked non-blocking read/write was returning 0 when the buffer was empty/full. That was causing an ERR_SSL_CONN_EOF error in tests which were using these mocked callbacks. Besides that, non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on the block pattern set by test design. Such behavior forced a redesign of these functions so that they could be used in other tests.
2020-01-22 14:15:17 +01:00
Piotr Nowicki
fb437d72ef
Fix segmentation fault in mbedtls_test_buffer
...
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and the program ends with a segmentation fault.
2020-01-22 13:25:36 +01:00
Andrzej Kurek
bc483dea84
Add a message-based socket mock connection to the ssl tests
...
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek
13719cdae4
Add a message metadata queue in ssl tests
...
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek
f7774146b6
ssl test suite: enable dropping bytes from buffer
...
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Gilles Peskine
9c673233bc
Fix outcome file leak if execute_tests exits early
...
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
2020-01-21 18:03:56 +01:00
Gilles Peskine
2ac4d86040
Fix file leak in test program
...
A similar bug was fixed earlier in ssl_server2, but we missed the fix
in ssl_client2.
2020-01-21 17:39:52 +01:00
Gilles Peskine
b08e44fda7
Add missing return code check on call to mbedtls_md()
2020-01-21 16:56:14 +01:00
Janos Follath
83f33d33eb
Bump version to Mbed TLS 2.20.0
2020-01-20 14:52:29 +00:00
Jaeden Amero
dbcb44202c
Update Mbed Crypto to 3.0.0
2020-01-15 18:08:44 +00:00
Jaeden Amero
d56a2af3f8
Add date to ChangeLog for 2.20.0 release
2020-01-15 18:07:20 +00:00
Janos Follath
dbd3304e8f
Merge branch 'development' into development-restricted
2020-01-15 16:06:15 +00:00
Jaeden Amero
252faff19f
Merge pull request #2966 from dgreen-arm/fix-pylint-warnings
...
Sideport: Fix some pylint warnings
2019-12-20 16:07:07 +00:00
Darryl Green
fb5faa2582
Fix some pylint warnings
...
Add docstrings where they were missing and fix a too-long line
2019-12-20 15:14:59 +00:00
Jaeden Amero
ccdeb47cdf
Merge pull request #2958 from yanesca/iotcrypt-942-initialise-return-values
...
Initialize return values to an error
2019-12-19 11:33:03 +00:00
Janos Follath
73c616bdc1
Put includes in alphabetical order
...
The library style is to start with the includes corresponding to the
current module and then the rest in alphabetical order. Some modules
have several header files (e.g. ssl_internal.h).
The recently added error.h includes did not respect this convention and
this commit restores it. In some cases this is not possible just by
moving the error.h declarations. This commit fixes the pre-existing
order in these instances too.
2019-12-19 10:27:57 +00:00
Janos Follath
df587ee6d6
Remove duplicate include statement
...
Now that the Error module has error codes as well and is processed by
the generate_errors script like any other module, we don't need to
include the header manually.
2019-12-19 10:27:57 +00:00
Janos Follath
d8752858fc
Update crypto submodule
2019-12-19 10:27:04 +00:00
Jaeden Amero
40f923ecf7
Merge pull request #2961 from RonEld/update_readme_to_vs_2012
...
Update the VS version in the Readme file
2019-12-18 13:43:05 +00:00
Ron Eldor
05b44892c0
Change the version of VS
...
Change the minimal version to the correct one - 2013. Revert the
VS version in the tests to 2010, since the solution file
hasn't been updated yet.
2019-12-18 14:28:18 +02:00
Ron Eldor
c5074be0ce
Update the VS version in the Readme file
...
Update the VS version in the README file to 2012, as this is the
minimal version supported.
2019-12-18 14:00:13 +02:00